What makes anyone think BeOS could be susceptible to this problem, even if it _were_ multi-user? Isn't the messaging system in the BeOS API completely different such that one can't spoof messages? Any API that would allow this seems horribly written to me.

Clay

>Ingo Weinhold wrote:
>> This doesn't really make any sense for R1. The logged in user is always
>> root, so there is actually no need for any hacker to elevate their
>> privileges.
>
>Yes, forgot about that :)
>
>> For real multi-user, there are a couple of security issues to deal with,
>> and ports (on which messaging is based) are one of them. One could for
>> instance restrict sending data to/reading them from ports to teams with
>> sufficient rights. This will require some further thoughts about daemons
>> like the app_server or the registrar, which (at least the former) will
>> need root privileges, but will also need to communicate with user apps.
>
>I generally think that the best way to solve this, is to let the
>application tell whether or not it wants messages from outside its team
>- and if it wants those, then just from specific applications (though
>this could probably be faked/spoofed).
>
>> However, unless I misinterpret Michael's answer to a multi-user related
>> question in the IRC Q&A session, *real* multi-user isn't a goal for OBOS
>> anyway (though I personally think, that's a pity).
>
>Yes, but the longer we wait, the more apps will break. So if we decide
>(sometime in the future) that we want to fix this, and go multiuser,
>we'd break a lot of applications... Therefore we might want to do this
>for R2 at least?
>
>Besides - *no one* knows where R2 will go, yet - not even Michael
>Phipps :P
>
>/Brian Matzon